Showing results for tags 'blog.emsisoft.com'.

More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


  • A Test Category
  • Immunet Information
    • Announcements
    • Support Documentation
    • FAQ
  • Immunet Community Discussions
    • Immunet General Forum
    • Ideas
    • Immunet Support (Issues/Defects)
    • False Positives
    • Malware Detections
    • Malware Removal
  • Immunet Local Communities
  • ClamAV For Windows Community
    • ClamAV For Windows General Forum


  • Knowledge Base
  • Installation
  • FAQs

Find results in...

Find results that contain...

Date Created

  • Start


Last Updated

  • Start


Filter by number of...


  • Start








Found 2 results

  1. Rogue security software is a type of Trojan that presents itself as antivirus software, and right now there is a very pesky type of rogue circulating the Internet that is very similar to what was called The Protector Rogue, in 2012. The Protector Rogue took its namesake from the file-name protector-xxx.exe (where x's were random letters). This malware was very common until it was for the most part eradicated in September of last year.

     This new version of the Protector Rogue has the file-name guard-xxx.exe and the registry run value GuardSoftware. Because hackers are generally lazy, they usually base new malware off of older versions, and GuardSoftware has many of the same components that Protector did. In fact, despite the name change, even the Graphical User Interface (GUI) is still set up for Windows XP. This unchanged GUI is a dead giveaway to anyone running anything past XP.

     The makers of GuardSoftware have implemented a few new tricks, however, and it's for this reason that the malware is starting to work. GuardSoftware's installer, or dropper, has a valid digital signature, which makes it more trustworthy to the human eye at a glance and which will bypass certain forms of heuristic detection. At the same time, GuardSoftware utilizes hijacking techniques not previously observed in comparable rogue programs.

     After installation, GuardSoftware restarts your computer and then essentially locks your desktop with a "Scanning In Progress" screen. This screen is meant to fool users into trusting GuardSoftware, and it even goes as far as allowing you to "disable" the scan through an "Options" feature. This faux-disable will unlock your desktop, but it will not stop the scan. Instead, the supposed scan will continue to run in the background, with constant pop-up reminders that your computer is infected, all aimed at persuading you to purchase the full version of GuardSoftware, by entering your credit card information into a screen like this:

     GuardSoftware is one of the first rogue programs to utilize such screen locking, which in the past has typically only been observed in ransomware. In the past, Protector Rogues would instead just scare users with frightening messages, such as YOUR COMPUTER IS INFECTED or PROTECTOR FOUND 136 VIRUSES ON YOUR COMPUTER!!! It would seem that whoever developed GuardSoftware has realized that most computer users are no longer so gullible, and that a more forceful approach is necessary.

     This rogue family uses a variety of names; some examples are Windows Expert Console, Windows Cleaning Toolkit and Windows Active Hotspot. Below are some SHA1 hashes listed for these variants:

     FAAB416D4423F08337707D6FC15FA4ACA143D9BE
     2966D9B0B7B27C1CA2FA46F93E26E82FBB7FE64C
     CB8B40EACC05C5D34396D70C9B9C1D931A780517

     Our recommendation is to block the program immediately and to identify exactly where GuardSoftware was encountered so that the point of contact can be avoided and that you can warn your friends. If it is anything like its predecessor, it will be around for some time... but it will also eventually be defeated.

     Copied from: blog.emsisoft.com
  2. Identity theft has been around as long as there has been identity. Long before the age of computers, people specialized in the art of forgery, to pose as others and to use their assets to their advantage.

     Identity Theft: Ways and means

     Before computers and before what has become the ubiquitous connectivity of modern day life, information was much scarcer. Identity thieves had to work a lot harder to uncover their victim's details; however, once they found what they wanted it was often much easier than it is today to get away with the crime.

     The emergence of large scale credit bureaus in the 1970s marked a new era in identity theft. These bureaus specialized in the collection of individuals' financial information, and they quickly became targets for maleficent con-men looking for an easy score. Primitive identity theft consisted of cold-calling such credit bureaus and conning customer service reps into giving away the essentials, like a person's DOB and SSN. Identity thieves could then use these credentials to log onto government databases and access financial activity records.

     Before the Internet became what it is today, these records were about all identity thieves had to work with. Such records were usually just a simple list of where a person held financial accounts, and nothing more. Identity thieves had to use these records as leads, and contact the places where their victim banked directly, over the phone. They'd then have to swindle their way past yet another customer service rep, and hope to get an account number - the prized payoff and score.

     Today, all of this has changed. Smooth talking con-men who could charm their way past yesterday's customer service reps have been replaced by the modern day hacker, who instead manipulates the encrypted data of 1s and 0s.

     Identity Theft: Today

     Today, everything from your checking account to that party you went to last Friday night is located somewhere on the web. It's no longer just one governmentally controlled database accessible only to those who know your SSN. If you spend any significant amount of time online, just about anyone who knows how to use Google can probably find out where you live and what you do for a living in a matter of minutes. And for a motivated hacker, this is more than enough of a lead.

     Modern day identity theft works on the premise that "the thing" one wants to steal is located on the target's personal computer. This "thing" is usually a collection of passwords and records that will allow further access to personal financial accounts. Technical details aside, what modern day identity theft boils down to is placing a malicious program onto a victim's computer that will allow the hacker free rein to all of their files. For even moderately competent hackers, creation of such a program is quite simple.

     Identity Theft: Tools

     There are a number of programs a hacker can use to get what they want from your computer, and while identity theft protection is far from dependent on a technical understanding of these tools, it can be useful to be acquainted with them.

     Log keystrokes

     A log keystrokes program is exactly what it sounds like - a program that records what you're typing and shows it to the hacker. Log keystrokes programs are usually used to discover passwords to financial accounts, but they can also be leveraged to monitor a target's online communications.

     Brute Force password hacking

     Many hackers have the formulation of passwords down to a science and can simply figure out your password through a series of educated guesses or through the use of an algorithm. The unfortunate reality of password security is that it usually isn't that secure. Most people reuse their passwords, and most of these passwords are relatively easy to guess. Let's say for example that you were born in 1960 and that you have a pet dog named Sarge, so you decide to make your password Sarge1960. Let's say that you also have a Facebook account that lists your birthday and features tagged photos of you and Sarge. Any hacker with a pulse and the inclination is going to figure you out.

     Backdoor access

     If a hacker wants to get into your computer to steal passwords or files or to remotely monitor your activity, they can install a "backdoor" entryway. Backdoor programs exploit weaknesses in your network security and allow the hacker to come and go as they please, without your knowledge or permission. Many backdoor entryways are created when unsuspecting computer users download "Trojan Horses," which are programs designed to look like useful software that actually establish backdoor entries behind the scenes. Trojans are just one of multiple ways a hacker can get into your system, though. As we will see, there are actually numerous routes of access, many of which are easy to overlook, and all of which would make the con-men of yesterday proud.

     Identity Theft: Infiltration

     Today's identity thieves are armed with many forms of software and computerized tools, but these tools are absolutely useless unless they are installed on your computer. Accordingly, determined hackers have been known to go to great lengths to get their malware on their victims' computers.

     Physical implantation

     Though not the most creative method, physical implantation is tried and true and extremely effective. If a hacker really wants to establish a backdoor entry or a log keystrokes program on your computer, they can simply break into your home and install the file while you are away.

     Attacking your wireless network

     Hackers can camp outside your home and attempt to identify your wireless network. If you have a Wireless Protected Setup (WPS), breaking in is surprisingly easy. Once inside your network, hackers can pretty much do whatever they want. This includes stealing your sensitive information right then and there, establishing a backdoor entryway, or simply implanting any other type of virus they'd like.

     Fooling you onto their network

     Hackers often fool their targets into logging onto wireless networks in public places. For example, a hacker could wait for their target at a coffee shop, set up a network called "Coffee Shop's Free Wi-Fi," and thereby dupe the target into logging on. Once the connection is made, the hacker may be able to monitor what you are doing online, view your computer's files, or implant a virus.

     Malicious Email

     In "I challenged hackers to investigate me and what they found out is chilling," gonzo journalist Adam Penenberg challenges 3 white hat hackers to steal his digital life. The hackers ultimately succeeded, and they did so through means of malicious email. By now, even the most inexperienced of computer users knows full well not to open phishy sounding email from a mysterious stranger with an offer that's just too good to be true - but hackers know this, and have creative ways of working around it. In Penenberg's case, the hackers leveraged the fact that the journalist's wife ran her own Pilates studio. They then posed as a young woman applying for a job as an instructor. They went as far as finding a real woman online and using linkage to her social media profiles to craft a convincing ruse. In their "email application," they included a "video resume" attachment. Penenberg's wife ended up opening this attachment on her laptop, and from there the hackers had a field day.

     Malicious Websites

     Hackers can also get what they want from you by creating malicious websites. Links to such websites can be supplied to their targets in any number of ways. For example, a hacker could pose as a person with interests similar to your own, and post a friendly invitation to visit their "blog" on your social media profile. The "blog" would actually be a phishing site or a means of getting you to download malware. A malicious website could also use the Trojan horse technique, and pose as a site that's offering free software. The software could be advertised as anything useful, such as a PC tuner or even an antivirus system. While running, the software would indeed appear to be what it had been advertised as; however, in reality, this appearance would actually be masking some sort of virus, such as a key logger or backdoor.

     Malicious Hardware

     Believe it or not, one of the most creative and seemingly innocuous approaches to identity theft infiltration is through malicious hardware, such as an infected flash drive. This method is mostly used when identity thieves have a specific target in mind. If a hacker has done their research and found out where you live or work, they can simply load their malware onto a flash drive and drop it somewhere where you are likely to find it, in the hope that curiosity will kill the cat and you'll plug the drive into your computer. If that doesn't work, they could simply go to where you work, and wait for the right opportunity to "borrow your printer" on the pretense that they need to "print out a resume" for a job interview. Depending on the type of job you have, this may or may not work, but a determined identity thief seeking a means of infiltration is limited only by the nefariousness of their imagination.

     Identity theft: Prevention

     While the means of identity theft have most certainly changed, the essence of approach is fundamentally the same and probably will be forever. Silver-tongued con men and maleficent hackers both rely on establishing a pretense and fooling their targets into giving away their personal information. The truth is that if a hacker wants into your life bad enough, they will probably find a way in. Hackers are highly intelligent, and sometimes a bit crazy. Fortunately, however, most individuals don't have enemies of this nature. More often, hackers target corporations over individuals, because the larger size allows for more modes of entry and a greater degree of anonymity.

     No one is completely immune to identity theft, though, and in addition to well-designed antivirus software there are many common sense measures that all basic computer users should put into place. Familiarity with the tools and means of modern day identity theft outlined above is a great start, but even those who know nothing about the world of hacking can protect themselves from identity theft with a healthy dose of skepticism. If you've been around for a while, you can probably spot a con-man or a scam when you see one, and in the world of computers the warning signs and acts of pretense are in many ways the same. As in day-to-day life, anything you're unfamiliar with should be put under the strictest review before you open it with your computer. Unfamiliar file extensions and phishy emails from strangers are best ignored. Remember that Public Wi-Fi usage is Public. And whatever you do, don't create an Excel sheet of all your passwords ever. That's just asking for identity theft, from just about anyone who can open a file and read.

     Copied from: blog.emsisoft.com

     I read this Emsisoft blog and thought I'd share it with the Immunet forum community as it contains some great information that just might help keep you, a loved one or a friend from falling victim to the ever growing crime of identity theft.

     Best wishes, Ritchie...